
Let the server take a list of SECRET_KEYS

commit 3c565826e0d5c6b005d367b17713bc7ec60f538b 1 parent 903b181
Toby White authored
Showing with 19 additions and 9 deletions.
  1. +1 −1  .gitignore
  2. +16 −6 gmail.py
  3. +2 −2 mail.py
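--- a/.gitignore
+++ b/.gitignore
@@ -1,2 +1,2 @@
 *.pyc
-GMAIL_SECRET_KEY
+GMAIL_SECRET_KEYS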
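--- a/gmail.py
+++ b/gmail.py
@@ -8,19 +8,29 @@ class MessageSendingFailure(Exception):
 class Signer(object):
- def __init__(self, SECRET_KEY=None):
- if not SECRET_KEY:
+ def __init__(self, SECRET_KEYS=None):
+ if not SECRET_KEYS:
 try:
- SECRET_KEY = os.environ['GMAIL_SECRET_KEY']
+ SECRET_KEYS = [os.environ['GMAIL_SECRET_KEY']]
 except KeyError:
 try:
- SECRET_KEY = open('/etc/envdir/GMAIL_SECRET_KEY').readline().rstrip()
+ SECRET_KEYS = [open('/etc/envdir/GMAIL_SECRET_KEY').readline().rstrip()]
 except OSError:
 raise EnvironmentError("GMAIL_SECRET_KEY is not set.")
- self.SECRET_KEY = SECRET_KEY
+ self.SECRET_KEYS = SECRET_KEYS
+
+ @staticmethod
+ def sign(msg, key):
+ return base64.encodestring(hmac.new(key, msg, hashlib.sha1).digest()).strip()
 def generate_signature(self, msg):
- return base64.encodestring(hmac.new(self.SECRET_KEY, msg, hashlib.sha1).digest()).strip()
+ return self.sign(msg, self.SECRET_KEYS[0])
+
+ def verify_signature(self, msg, signature):
+ for key in self.SECRET_KEYS:
+ if self.sign(msg, key) == signature:
+ return True
+ return False
 class Connection(object):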
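Review bot: `verify_signature` compares the computed HMAC with the caller-supplied signature using `==`, which is not a constant-time comparison, so response timing can depend on how much of the value matched. Where the runtime provides it (Python 2.7.7+ / 3.3+), the check should be `if hmac.compare_digest(self.sign(msg, key), signature):`. Because this method is now the trust decision for every key in the list, `__init__` should also reject empty entries in `SECRET_KEYS`, since the constructor only checks that the list itself is non-empty. The environment and `/etc/envdir` fallbacks still read the singular `GMAIL_SECRET_KEY`, so key rotation appears to be available only to callers that pass the list explicitly; a comment saying so would help.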
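--- a/mail.py
+++ b/mail.py
@@ -83,8 +83,8 @@ def send_message(msg):
 raise BadMessageError("Unauthorized message sender '%s'" % sender)
 def check_signature(msg, signature):
- GMAIL_SECRET_KEY = open('GMAIL_SECRET_KEY').read().strip()
- return Signer(GMAIL_SECRET_KEY).generate_signature(msg) == signature
+ GMAIL_SECRET_KEYS = [k.strip() for k in open('GMAIL_SECRET_KEYS') if k]
+ return Signer(GMAIL_SECRET_KEYS).verify_signature(msg, signature)
 def parse_args(request):
 msg = request.get('msg')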
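Review bot: The filter in `check_signature` tests `if k` before stripping, and lines iterated from a file keep their newline, so a blank line in `GMAIL_SECRET_KEYS` passes the filter and becomes an empty-string key that `verify_signature` then treats as valid signing material. Strip first, filter on the stripped value, and close the file: `with open('GMAIL_SECRET_KEYS') as f:` followed by `GMAIL_SECRET_KEYS = [k.strip() for k in f if k.strip()]`. If the file yields no keys at all, the empty list is falsy and `Signer` appears to fall back to the `GMAIL_SECRET_KEY` environment lookup; failing explicitly here would make a misconfigured key file visible instead of silently changing the key source.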